ThreatMapper icon indicating copy to clipboard operation
ThreatMapper copied to clipboard

Published 20 hours ago verified publisher icon deepfence

[v2] Deleting vulnerability result makes Top vulnerabilities and Top Attack paths disappear, and information in results is removed

Open jatin-baweja opened this issue 1 year ago • 4 comments

Describe the bug Once vulnerability result is deleted, 'Top 5 vulnerabilities' list disappears and 'Top Attack Paths' graph has overlapping text of 'No attack paths found'. Also, results lose information like CVSS score, Description, etc.

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Vulnerabilities' section
  2. Click on 'See All Scans'
  3. Click on any of the host/container/image to show its latest complete scan details
  4. Delete any result from the list. 'Top 5 vulnerabilities' list disappears and 'Top Attack Paths' graph has overlapping text of 'No attack paths found'. Also, other results lose information

Expected behavior On vulnerability result deletion, other results should not be impacted.

Screenshots Before deletion: pre_deletion_graphs pre_deletion_results

After deletion: after_deletion_graphs after_deletion_results

Components/Services affected

  • [x] UI/Frontend
  • [x] API/Backend
  • [ ] Agent
  • [ ] Deployment/YAMLs
  • [ ] CI/CD Integration
  • [ ] Other (specify)

Additional context Add any other context about the problem here.

jatin-baweja avatar Jul 17 '23 16:07 jatin-baweja

Notice all cvss score becomes 0. That's why top vulnerabilities doesn't load.

manV avatar Jul 18 '23 02:07 manV

Attack path needs to be fixed though

manV avatar Jul 18 '23 06:07 manV

Removing this part of code on server fixes the issue https://github.com/deepfence/ThreatMapper/blob/v2/deepfence_server/reporters/scan/scan_result_actions.go#L138-L153

gnmahanth avatar Jul 19 '23 15:07 gnmahanth

fixed in https://github.com/deepfence/ThreatMapper/commit/8ff0d11237cec51e2146b39a8ea81e1f505e45cc

gnmahanth avatar Jul 19 '23 15:07 gnmahanth